News reader
[$] Grabbing file descriptors with pidfd_getfd()
In response to a growing desire for ways to control groups of processes
from user space, the kernel has added a number of mechanisms that allow one
process to operate on another. One piece that is currently missing,
though, is the ability for a process to snatch a copy of an open file
descriptor from another. That gap may soon be filled, though, if the pidfd_getfd()
system-call patch set from Sargun Dhillon is merged.
07/19 IPFire 2.25-core158
03/14 AryaLinux 2.4
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (firefox), Oracle (kernel), Slackware (firefox and kernel), SUSE (apache2-mod_perl, git, java-1_7_0-ibm, java-1_7_1-ibm, log4j, mariadb, and nodejs8), and Ubuntu (gnutls28, graphicsmagick, and nss).
Maddock: The End of Indie Web Browsers
Samuel Maddock writes
that the adoption of the "encrypted media extensions" by the World Wide Web
Consortium has had just the sort of effect that people were worried about four years ago.
"No longer is it possible to build your own web browser capable of
consuming some of the most popular content on the web. Websites like
Netflix, Hulu, HBO, and others require copyright content protection which
is only accessible through browser vendors who have license agreements with
large corporations."
Firefox 72.0.1 released
There is another Firefox release out there; this
advisory suggests that updating quickly would be a good idea:
"Incorrect alias information in IonMonkey JIT compiler for setting
array elements could lead to a type confusion. We are aware of targeted
attacks in the wild abusing this flaw."
Firefox pkg for 6.6-stable will not receive latest updates. [Updated]
An update has now been committed to the -stable branch for the latest firefox version, and the package is available for updating!
Previously, solene@ wrote:
Dear OpenBSD users, due to Firefox being too complicated to package (thanks to cbindgen and rust dependencies) on the stable branch (as this would require testing all rust consumers), the 6.6-stable branch won't receive updates for www/mozilla-firefox, so it will remain vulnerable to MFSA2020-03 and vulnerabilities that may appear after.
[$] LWN.net Weekly Edition for January 9, 2020
The LWN.net Weekly Edition for January 9, 2020 is available.
[$] Toward a conclusion for Python dictionary "addition"
One of Guido van Rossum's last items of business as he finished his term on the inaugural steering council for Python was to
review the Python Enhancement Proposal (PEP) that proposes new update and union
operators for dictionaries. He would still seem to be in favor of the idea,
but it will be up to the newly elected steering
council and whoever the council chooses as the PEP-deciding delegate (i.e. BDFL-Delegate).
Van Rossum provided some feedback on the PEP and,
inevitably, the question of how to spell the operator returned, but the
path toward getting a decision on it is now pretty clear.
Security updates for Wednesday
Security updates have been issued by Arch Linux (firefox), Debian (python-django and wordpress), Fedora (dovecot), Mageia (opensc, radare2, and varnish), Red Hat (rh-java-common-apache-commons-beanutils), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, java-1_8_0-ibm, java-1_8_0-openjdk, libzypp, openssl-1_0_0, sysstat, and tomcat), and Ubuntu (clamav, linux-azure, and linux-lts-xenial, linux-aws).
[$] The trouble with IPv6 extension headers
It has taken longer than anybody might have liked, but the IPv6 protocol is
slowly displacing IPv4 across the Internet. A quick, highly scientific
"grep the access logs" test shows that about 16% of the traffic to
LWN.net is currently using IPv6, and many large corporate networks are
using IPv6 exclusively internally. This version of the IP protocol was
designed to be more flexible than IPv4 in a number of ways; the "extension
header" mechanism is one way in which that flexibility is achieved. A
proposal to formalize extension-header processing in the kernel's
networking stack has led to some concerns, though, about how this feature
will be used and what role Linux should play in its development.
06/18 Manjaro 21.0.7
Ingebrigtsen: Whatever Happened To news.gmane.org?
Lars Ingebrigtsen provides
details on the current status of the Gmane archive server and asks for
feedback on whether it is still useful. "Over the past few years,
people have asked me what happened to Gmane, and I’ve mostly clasped my
hands over my ears and gone 'la la la can’t hear you', because there’s
nothing about the story I’m now finally going to tell that I don’t find
highly embarrassing. I had hoped I could just continue that way until I
die, but perhaps it would be more constructive to actually tell people
what’s going on instead of doing an ostrich impression." (Thanks to
Giovanni Gherdovich).
Firefox 72.0
Firefox 72.0 has been released. In this version Firefox’s Enhanced
Tracking Protection now blocks fingerprinting
scripts. Also picture-in-picture video is available. See the release
notes for the details of these features and other changes.
Security updates for Tuesday
Security updates have been issued by Debian (nss and pillow), Red Hat (java-1.8.0-ibm and kernel), Slackware (firefox), SUSE (virglrenderer), and Ubuntu (linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-kvm, linux-oracle, linux-raspi2, and linux-snapdragon).
[$] Removing the Linux /dev/random blocking pool
The random-number generation facilities in the kernel have been reworked
some over the past few months—but problems in that subsystem have been
addressed over an even longer time frame. The most
recent changes were made to stop the getrandom() system call from
blocking for long periods of time at system boot, but the underlying cause
was the behavior of the blocking random pool. A recent patch set would
remove that pool and it would seem to be headed for the mainline kernel.
02/14 Project Trident 20.02
Security updates for Monday
Security updates have been issued by Fedora (chromium, cyrus-imapd, drupal7-l10n_update, drupal7-webform, htmldoc, nethack, php, and singularity), Mageia (advancecomp, apache-commons-compress, cyrus-imapd, cyrus-sasl, dia, freeimage, freeradius, igraph, jhead, jss, libdwarf, libextractor, libxml2, mediawiki, memcached, mozjs60, openconnect, openssl, putty, python-ecdsa, python-werkzeug, shadowsocks-libev, and upx), Oracle (container-tools:1.0 and container-tools:ol8), and Red Hat (kpatch-patch).
Kernel prepatch 5.5-rc5 and stable updates
The 5.5-rc5 kernel prepatch has been
released. Linus added a note to the release announcement: "One sad
piece of news I got this past week was that Bruce
Evans has passed away. Bruce wasn't really ever really much directly
involved in Linux development - he was active on the BSD side - but he was
the developer behind Minix/i386, which was what I used for the original
Linux development in the very early days before Linux became
self-hosting."
On the stable-update side, 5.4.8, 4.19.93, 4.14.162, 4.9.208, and 4.4.208 are all available with another set of important fixes.